WebBased Ltd

eLearning Platform

The eLearning module allows you to manage, deliver and track eLearning for everyone in your workforce. It saves time and money by enabling your staff to take training from their desk, which allows for faster delivery of training and less employee time lost in travelling to venues.


  • Customisable features to match your workflow
  • Designed to match your brand guidelines
  • Available 24/7, access from anywhere
  • Full training records for staff (can be integrated with CPD)
  • Powerful evaluation tool makes measuring impact easy
  • Clear categorisation and powerful search tools for your online learning
  • Profit and loss reports. Optional finance integration and online payments.
  • Full reporting suite to monitor mandatory and non-mandatory training
  • Optional HR / SSO integration
  • Use externally-sourced content, or content you have created


  • Accurate visibility of impact and costs
  • Remove mundane tasks from administrators
  • Save money through efficiency and resource allocation
  • Improved compliance for training records
  • Improved data accuracy
  • Improved skills base in your business
  • Increased take up of relevant courses
  • Engage hard-to-reach groups who wouldn’t normally attend training in person
  • Provide clear evidence of training in key areas, e.g. Safeguarding


£1250 per instance per year

Service documents

G-Cloud 10


WebBased Ltd

Martine Davies



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints We have planned maintenance slots once monthly from 9pm to 3am over a Sunday night into a Monday morning. These dates are communicated to clients well in advance.

Ports 80 and 443 need to be open for web browsing.
System requirements Modern, standards-compliant browser. IE8+, Firefox, Chrome, Safari

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We have standard SLA response times. All emails receive an initial response within one hour. Resolution times for queries and issues vary depending on the severity of the issue.

Our standard service desk support hours are 08:30 - 17:30 Monday to Friday.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide a single, standard support package, described below. The support cost is calculated based on the number of users you will have.

A dedicated project manager is assigned to any new purchase, and stays with the project throughout its lifecycle, until Live delivery. At that point, it is handed over to the Support team, and a dedicated Product Manager (technical account manager) and Product Support officer are assigned to look after the client throughout the lifetime of the contract.

WebBased operate a support desk for clients which includes email and phone support, from 08:30 to 17:30 Monday to Friday, excluding bank holidays. Nominated contacts at the client organisation can contact the support desk at any time to request help with using the site, talk about future developments, or raise issues.

One day's on-site training is provided as part of the implementation, where we 'train the trainer' so they become product champions, and help embed their learning into the organisation. Further days' training are available at our standard rate.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We operate a ‘Train the trainer’ approach, which ensures knowledge of the system is embedded with key staff members who can grow and disseminate their knowledge. WebBased will provide training to selected Client staff members to enable full use of the system from a user and system administrator perspective. This training will be for a specific group of Client staff, not all end users.
As part of the project rollout, we provide a day’s training to the staff members who will be the System Administrators, on the understanding that they will train their colleagues. We can also run remote training sessions, for example via GoToMeeting or Skype, where client representatives cannot make the training session(s) in person.
We also provide full user guides for different levels of access, and our CPD Hub has a wealth of useful resources.

Site users and administrators can benefit from the comprehensive range of help and support material that we provide. This includes quick-start guides, user manuals, online help videos and FAQ sections. All help material is tailored to the different user roles to ensure that site users can easily access the support material that is relevant for them
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction At the end of the contract, we provide a view of the client's data as an Excel download. Further data manipulation facilities can be provided to export the data in specific formats at an additional cost.

It is provided as an encrypted file, transferred preferably via the client's existing secure file transfer system.
End-of-contract process At the end of the contract, the site is scheduled to be taken offline at a mutually-agreed date. Any domains that are managed by us can be transferred to the client's control if required.

A raw data extract is included in the standard price. If further data manipulation is required, this is chargeable at our daily rate.

All client data is securely deleted at the end of the contract period.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our site has been designed to provide a fully responsive experience to general users, so they can access the software on any device with a standard browser, and the elements will stack gracefully.

However, we expect that administrators will do the majority of their administration work via desktop or laptop, and so the back-end has not been designed to be responsive.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing We have tested our platform with JAWS for screen reader capability and it performs well.
Customisation available Yes
Description of customisation The look and feel of the site can be customised to suit your branding in terms of colours, logos and fonts. This is done in-house to ensure that look and feel is consistent. More in-depth design updates are possible at an extra cost.

The site can be further customised to accommodate requirements throughout the lifetime of the contract. This is done via a change control process and development days are costed at our standard day rate. This means that the system can grow and develop in line with our in-house processes, and that you are not tied into a set development plan or timeline, and no features will be rolled out to you without your consent.


Independence of resources Our systems already have high usage from a large number of clients and the system copes well. We are alerted to any spikes in usage and can adapt and deal with the increased load as required.


Service usage metrics Yes
Metrics types We provide monthly reports extracted from Google Analytics, showing site usage over time.

We are in the process of building user dashboards which will provide self-service metrics to site administrators.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Our system offers a number of pre-built reports, which export in MS Excel format. Users can choose from a variety of course attendance and finance reports, and choose from a number of filters and fields to bring back exactly the data they need.

Since the data is exported as Excel, it can then be further queried, or imported into e.g. HR or Finance systems to update training records or raise invoices.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Our services offer 99.7% uptime, including planned maintenance periods.

We do not currently offer any financial compensation if uptime is not met.
Approach to resilience Data available on request.
Outage reporting This is a very rare occurrence, and our standard approach is to call all clients to inform them of any unscheduled downtime, as they may not read emails straight away. Our approach is one of customer intimacy, and this is evident in the way we deal with such incidents.

We also follow this up with an email alert, and we will notify our users immediately when service is resumed.

Internally, our systems team monitors site and server activity at all times, and automated notifications are in place to inform them immediately of any issues that might affect site performance, so we can address it before it becomes an issue. We also have an internal reporting dashboard that helps us find and identify errors and external cyber threats before they become a problem.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Our system provides granular access levels, where each role in the system is restricted to certain permissions.
Only users with Administrator level privileges may access administrative interfaces, and access to admin interfaces is further restricted based on the Administrator Level (e.g. Tutors can only see events where they are assigned as Tutor, Event Admins can create and edit events, but not publish).
Our support desk is accessed via a dedicated email address, and our case tracker site is restricted by user authentication, so only client users who have been granted access can view.
Access restriction testing frequency At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have an Information Security Policy (developed in-house), which includes our policy for data handling and storage. All staff are trained in
data handling as part of their induction.

The policy is in place to allow us to comply with legislation including:
 Companies Act (2006)
 Health and Safety Act
 Interception of Communication Act (1985)
 The Data Protection Act (1998)
 Copyright, Designs and Patents Act (1988)
 Computer Misuse Act (1990)
 Regulation of Investigatory Powers Act (2000)
 Freedom of Information Act (2000)
 Human Rights Act (1998)

The Systems Manager is responsible for implementation of this policy through the appropriate standards and procedures. The SMT are responsible for regularly reviewing this policy.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Most software as a service products have a high licensing cost to support the ongoing development of features for the many. We have found that over a total cost of ownership (3+ years), custom development on our platform offers our customers financial savings, a product that more closely aligns to their processes, functions that are designed to fit, minimal bloating of software code and ultimately a more secure and robust software platform.
This approach allows us to ignore per usage or user licensing.
Custom updates to your system are governed by our Request for Change process.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Potential threats are identified by running monthly perimeter scans on our public facing services and subscribing to all relevant mailing lists.
Updates/Patches are installed as part as a monthly maintenance period, critical updates/patches are assessed individually and may be installed sooner. This would be agreed with the client.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have active monitoring and notification alerts for detected vulnerabilities so we can address them quickly and efficiently.
In addition, all relevant systems use automatically updating antivirus/malware software which is managed/monitored centrally.
Incident management type Supplier-defined controls
Incident management approach We have an internal incident management process for common events, which is managed by our systems team.

We ask that end users report incidents by phone so they can be picked up immediately. If an internal member of staff identifies an incident, they will also report it verbally to a senior manager and the systems team.

Our incident report process is internal only and follows an internal reporting route where information is gathered on technical and operational impacts and action points agreed to prevent recurrence.

Incident reports can be provided to clients on request.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1250 per instance per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Users can access our Demo site, normally for a period of around 4-6 weeks. The site includes all available eLearning functions, except 3rd party integration options (e.g. integration with a 3rd party HR or Finance system).
Link to free trial https://cpdonlinedemo.co.uk/


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑